\documentclass[A4,12pt]{article}
\usepackage{times}
\usepackage{enumerate}
\usepackage{amsmath}
\usepackage{graphicx}
%\usepackage{setspace}
%\doublespacing
%\numberwithin{equation}

\begin{document}
%
% paper title
% can use linebreaks \\ within to get better formatting as desired
\title{New paper 2}


\author{Chin-Chen Chang, Hai-Duong Le, Chia-Yin Lee, Chin-Hsiang Chang}% <-this % stops a space







% make the title area
\date{}
\maketitle


\begin{abstract}
%\boldmath

\textbf{Keywords:} authentication, key agreement, untraceability, anonymity, smart card, mobile communication
\end{abstract}

\section{Introduction}

The notation used in this papers are listed in the following.

\begin{tabular} {l p{13cm}}
$U$ & the user \\
$ID$ & the identity of $U$ \\
$PW$ & the password of $U$ \\
$S$ & the remote server \\ 
$x$ & a long term secret key of $S$ \\
$h(\cdot)$ & a public one-way hash function \\
$E_x(\cdot)$, $D_x(\cdot)$ &  secure symmetric encryption, decryption algorithms with the secret key $x$ \\
$r$, $n$ & two random numbers \\

\end{tabular}

\section{Related work}

\subsection{Review of Yeh et al.'s scheme}

\subsubsection{Registration phase}
In this phase, the user $U$ initiates communication with the server $S$ by sending the registeration request $\{ID, h(PW), r\}$ over a secure channel, where $PW$ and $r$ are the password and the random number chosen by $U$, respectively. Upon receive the request from $U$, the server computes the following parameters:

$$N=h(r \| x) \oplus h(PW)$$
and $$Y=h(ID \| h(r \| x))) \text{ ,}$$
where $x$ is the server's long term secret key. Then, the server $S$ issues a smart card containing $\{r, N, Y, h(\cdot)\}$ to the user $U$.

\subsubsection{Login and authentication phase}
To start the login process, the user $U$ inserts his smart card into a card reader and provides the card reader with his identity $ID$ and password $PW$. In this phase, the smart card has two main tasks. The first task is to verify the given $ID$ and $PW$; it will reject the login request if either $ID$ or $PW$ is invalid. The second task is to initiate and establish a secure and mutual authenticated session with the server $S$. 

The smart card verifies the user's identity $ID$ and the password $PW$ as follows:

\begin{itemize}
\item It first derives the hash value $h(r \| x)'$ from $N$, where $h(r \| x)' = N \oplus h(PW)$. Next, it computes $Y'=h(ID \| h(r \| x)')$.
\item The smart card checks whether $Y'$ matches $Y$, which is stored in the smart card memory. If the values are not identical, the request login is rejected by the smart card; otherwise, the smart card continues the login procedure.
\end{itemize}

After authenticating the user $U$, the smart card performs initiating and establishing an authenticated session with the server $S$ as follows:

\begin{enumerate}

\item  The smart card choose a nonce $n$ and computes the following parameters:
$$K = h(r \| x)' \oplus n \text{ ,}$$
$$L = ID \oplus h(h(r \| x)'  \| n) \text{ ,}$$
and $$CID = h(ID \| n) \text{ .}$$
Afterwards, the smart card sends the login request message
\begin{equation}
\label{1}
\tag{1}
\{CID, r, K, L\}
\end{equation}
to the server $S$.

\item Once receiving the login request from the user $U$, the server derives the identity $ID'$ of the user by using its long-term secret $x$ as follows:
$$ID' = h(M \| n') \oplus L \text{ ,}$$
where $$M = h(r \| x) \text{ ,and } n' = M \oplus K$$
Subsequently, it computes the value $CID' = h(ID' \| n')$ and compares $CID'$ with the received $CID$. If they are equal, the server is confident that $U$ is valid; otherwise, $S$ rejects the login request. In the case $U$ is a legitimate user, $S$ computes $a' = h(h(n' \| ID' \| h(r \|x)')$ and sends the response message
\begin{equation}
\label{2}
\tag{2}
\{a'\}
\end{equation}
to the smart card. The server computes the session key $SK =h(h(n') \| h(r \| x)')$.

\item When the response from the server arrives, the smart card computes $a = h(h(n \| ID \| h(r \|x))$. If $a$ is equal to $a'$, the smart card trusts that $S$ is valid and constructs the session key $SK =h(h(n) \| h(r \| x))$.
\end{enumerate}

Finally, the server $S$ and the user $U$ are mutually authenticated and share the session key $SK$ for the secure communication that follows. 

\subsubsection{Password Changing Phase}
In password changing phase, the smart card first performs user verification similarly to its first task in the login phase. If the user provides valid $ID$ and $PW$, the smart will ask $U$ to enter his new password $PW^*$ and replace the value $N$, in its memory, with $N^* = N \oplus h(PW) \oplus h(PW^*)$. Afterwards, the password is changed without the server's assistance.

\subsection{Vulnerabilities of Yeh et al.'s scheme}
In this section, we analyze the security issues in Yeh et al.'s scheme. We first give evidence that this scheme does not provide mutual authentication between the server and its users because Yeh et al.'s scheme is subjected to \emph{replay attack} in login phase. This makes the server to accept any login request which is replayed by an adversary. Consequently, the adversary is able to \emph{masquerade} any legitimate user to access the server. Moreover, the scheme is susceptible to \emph{off-line password guessing attack}. 

\subsubsection{Replay attack}

\subsubsection{Masquerade attack}

\subsubsection{Off-line password attack}

\section{The proposed scheme}

\section{Security Analysis}

\section{Performance Analysis}

\section{Conclusions}

\bibliographystyle{plain}
\bibliography{science}

\end{document}


